AI GovernanceJuly 7, 2026VDF AI Team

EU AI Act Enforcement Timeline: A Deployer's On-Premises Readiness Checklist by Phase

The EU AI Act applies in phases, and the high-risk obligations land in 2026-2027 — with a proposed amendment that may shift some of them. This is a phase-by-phase readiness view for deployers of high-risk AI, mapped to the on-premises controls that make each obligation demonstrable.

The EU AI Act does not switch on all at once. It applies in phases, and for most enterprises the phases that matter are still ahead. The prohibitions and AI-literacy provisions already apply. General-purpose AI model obligations have begun. The obligations that touch the largest number of organisations — those for high-risk AI systems — arrive in the 2026-2027 window, with a proposed amendment that may shift parts of that timeline.

This is not a legal guide, and nothing here is legal advice. It is an operational readiness view for deployers: organisations using AI systems in regulated contexts, who need to know what lands when and what infrastructure makes each obligation demonstrable. Where the obligations assume traceability, human oversight, and record-keeping, an on-premises platform is often the most direct way to hold the evidence yourself rather than depend on a provider for it.

First, know your role and your risk category

Two questions determine what applies to you before any date does.

Are you a provider or a deployer? A provider develops a system or places it on the market under its own name. A deployer uses a system under its own authority. Most enterprises adopting AI are deployers — and deployers of high-risk systems have their own obligations, including operating the system according to instructions, ensuring human oversight, monitoring operation, and keeping logs. If you fine-tune or substantially modify a system, you may take on provider obligations too. This distinction, and where it moves under private deployment, is explored in Human Oversight in AI Systems: EU AI Act Requirements.

Is the system high-risk? The heaviest obligations attach to high-risk systems — broadly, those listed in Annex III (areas such as employment, essential services, law enforcement, and critical infrastructure) and those that are safety components of regulated products under Annex I. Many enterprise systems are not high-risk and carry lighter, mainly transparency-oriented duties. Getting the classification right is the first readiness task; over- and under-classifying both carry cost.

The important point for planning: the obligations follow the risk category and your role, not the hosting model. Running on-premises does not reduce what the law requires. What it changes is your ability to produce the evidence yourself.

The phases, and what each one asks of a deployer

Phase 1 — In effect: prohibitions and AI literacy (from 2 February 2025)

The Act’s prohibited practices and the AI-literacy obligation already apply. For a deployer this means two things are due now: confirming that no system in use falls into a prohibited category, and ensuring staff who operate or oversee AI have a level of AI literacy appropriate to their role.

Readiness: maintain an inventory of AI systems in use with a documented risk classification for each, and run role-appropriate AI-literacy enablement for operators and overseers.

Phase 2 — In effect: general-purpose AI and governance (from 2 August 2025)

Obligations for general-purpose AI model providers have begun, national competent authorities are being stood up, and the EU-level governance structures are operational. Deployers are mainly affected indirectly — through the documentation and instructions that GPAI and system providers must now supply.

Readiness: collect and retain provider documentation for the models and systems you deploy. If you route across multiple models, know which models you use and keep their documentation on file — a task made easier when model routing is an explicit, catalogued decision rather than a hidden default.

Phase 3 — Approaching: high-risk systems under Annex III (2 August 2026, statutory date)

This is the phase most enterprises are preparing for. Under the Act’s statutory timeline, the core obligations for Annex III high-risk systems apply from 2 August 2026, alongside the Article 50 transparency requirements and the start of national and EU-level enforcement.

For a deployer of a high-risk system, the operational obligations include using the system in line with the provider’s instructions, ensuring meaningful human oversight, monitoring operation and reporting serious incidents, and keeping the logs the system automatically generates.

Readiness: this is where infrastructure does real work — see the checklist below.

Phase 4 — Later: high-risk in regulated products under Annex I (2 August 2027, statutory date)

Obligations for high-risk AI that is a safety component of products already covered by EU harmonised legislation apply from 2 August 2027 under the statutory timeline. This mainly concerns organisations building or deploying AI inside regulated physical or software products.

Readiness: the same control base as Phase 3, integrated with the existing product-safety and conformity processes those sectors already run.

A note on the proposed timeline change

In late 2025 the Commission proposed a “Digital Omnibus” package that would, among other things, link some high-risk obligations to the availability of supporting tools such as harmonised standards — with the effect of deferring parts of the high-risk timeline beyond the 2 August 2026 and 2 August 2027 dates above.

Two things matter for planning. First, a proposal is not the law: these changes take legal effect only once formally adopted and published in the Official Journal, and until then the statutory dates remain the operative ones. Second, the direction of the underlying obligations is not in dispute — deferral changes when, not whether. Building the control base now is robust to either outcome, and treating the earlier statutory dates as the planning assumption is the conservative choice. Confirm the current status against official sources before you commit to a specific date.

The deployer readiness checklist, mapped to on-premises controls

The high-risk deployer obligations translate into a small set of capabilities. Each is easier to demonstrate when you own the infrastructure that produces the evidence.

  • System inventory and classification. A living register of AI systems in use, each with a documented risk category, purpose, owner, and the provider documentation on file. This underpins every other obligation.
  • Human oversight that is real, not nominal. Defined points where a person can review, approve, or intervene in a high-risk workflow — with the authority and information to do so meaningfully. On-premises deployment lets you place oversight gates exactly where policy requires. See Human Oversight in AI Systems.
  • Automatic logging, retained. High-risk systems generate logs; deployers must keep them. Owning the log store means retention, access control, and integrity are yours to set — covered in AI Agent Observability: Logs, Traces, and Audit Trails.
  • Traceability of decisions. The ability to reconstruct what a system did, on which data, using which model, and who approved the outcome — the decision-receipt pattern turns raw logs into reviewable records.
  • Monitoring and incident reporting. Operational monitoring that can surface serious incidents and malfunctions in time to report them, with a defined path for doing so.
  • Documentation that assembles into evidence. The classifications, oversight designs, logs, and provider records need to come together into a coherent pack when an authority asks — the goal of the EU AI Act evidence pack approach, and the architecture behind it in EU AI Act-Ready On-Premises AI Architecture.

No platform delivers compliance out of the box, and none can guarantee it. What owning the infrastructure gives a deployer is direct control over the six capabilities above — the operational substance the obligations assume — rather than a dependency on a third party to produce your evidence for you.

How VDF AI supports deployer readiness

VDF AI is designed for private, on-premises, and air-gapped deployment, which keeps the logs, audit trails, human-oversight points, and documentation for high-risk systems inside infrastructure you control. VDF AI Networks and VDF AI Agents let you place human-in-the-loop approval gates where policy requires, record decisions as traceable receipts, and retain governed logs on your own terms. It does not make an organisation compliant — that depends on your classifications, controls, and documentation — but it provides the operational foundation those obligations assume.

Start from the two questions — your role and your risk category — build the control base now, and track the timeline against official sources as the proposed amendment moves through adoption.

Further reading


Preparing for the high-risk phases? See VDF AI’s approach to governed on-premises AI or book a demo.

Frequently Asked Questions

When do the EU AI Act's high-risk obligations apply?

Under the Act's statutory timeline, obligations for high-risk systems listed in Annex III apply from 2 August 2026, and obligations for high-risk AI embedded in regulated products under Annex I apply from 2 August 2027. A proposed Digital Omnibus amendment would defer some of these dates, but it only takes legal effect once formally adopted and published. Organisations should confirm the current status against official sources before relying on a specific date.

What is the difference between a provider and a deployer under the EU AI Act?

A provider develops an AI system or places it on the market under its own name. A deployer uses an AI system under its authority in the course of its activity. Most enterprises adopting AI are deployers, and deployers of high-risk systems carry their own obligations — including human oversight, using systems according to instructions, monitoring, and record-keeping — separate from the provider's.

Does running AI on-premises change EU AI Act obligations?

No. The obligations attach to the risk category and the role, not to where the system is hosted. On-premises deployment does not reduce what the law requires — but it does give a deployer direct control over the logs, audit trails, human-oversight points, and documentation needed to demonstrate the required controls, rather than depending on a third party for that evidence.

Is compliance with the EU AI Act guaranteed by any platform?

No platform can guarantee legal compliance, and this article does not offer legal advice. Compliance depends on how an organisation classifies its systems, implements controls, and documents them. What good infrastructure provides is the operational capability — traceability, oversight, record-keeping — that the obligations assume, making the required controls practical to implement and evidence.

AI Governance

Is your AI governance audit-ready?

Get a readiness review of your AI controls — policy, oversight, audit trails, and EU AI Act evidence — mapped against what production actually requires.

See the AI governance checklist